FIG. 5 (continued). Accessing Sensitive Data (Cont.)

Flowchart steps, in the order they appear:
Application Server Gets the Decrypted Second User's Private Key from the Key Store Database
Application Server Uses the Decrypted Second User's Private Key to Decrypt Sensitive Data
Application Server Gathers the Data Requested by the Client
Application Server Encrypts All the Requested Data Using the First User's Public Key
Application Server Transmits Encrypted Requested Data to the Interface Server
Interface Server Sends the Encrypted Requested Data to the Client
Client Decrypts the Encrypted Requested Data Using the First User's Private Key

Reference numerals: 511, 512, 514, 516, 518, 520, 522.







Fig. 1b. Keys Used for Authenticating the Interface Server

Private Network Side (Application Server): Private Key of the Verification Processor (152); Certificate with an Unencrypted Text Part and an Encrypted Part.
Client Side: Public Key of the Verification Processor (154); Certificate with an Unencrypted Text Part and an Encrypted Part.
Key: symbols for Encryption and Decryption.



Fig. 1c. Keys Used in Transmitting, Receiving, and Storing Data

Client Transmitting Data to a Private Network (Application Server): Application Server's Public Key (160); User's Public Key (158); Non-sensitive Data; Sensitive Data.
Private Network (Application Server) Receiving and Storing Data: Application Server's Private Key (166); Non-sensitive Data; Sensitive Data.
Private Network (Application Server) Transmitting Data to Client: User's Public Key (158); Requested Data.
Client Receiving Data: User's Private Key (164); Requested Data.
Key: symbols for Encryption and Decryption.



Fig. 1d. Keys Utilized in Fuzzy Searching

User's Public Key (158); Vector; Signature Vector for Query.
Key: symbols for Encryption and Decryption.



Fig. 1e. Keys Utilized in Relational Database Searching

User's Public Key (158); Search Query Involving Sensitive Data.
Key: symbols for Encryption and Decryption.



Fig. 1f. Keys Utilized in Accessing Sensitive Data

First User's Key-Store Master Key (168); Second User's Private Key in Key-Store Database; Second User's Private Key (164); Sensitive Data.
Key: symbols for Encryption and Decryption.



Fig. 1h. Steps for Communications between a Client and a Private Network

Flowchart steps, in the order they appear:
Start
Client Authenticates Interface Server
Communication between Client and Application Server
Perform Client Requested Operation
Return to Client the Requested Information
No branch: Notify User of Authentication Failure
No branch: Notify Client of Denial

Reference numerals: 20, 27, 30, 40, 60, 70.




Fig. 2. Authentication

Flowchart steps, in the order they appear:
Start
Client Requests a Certificate from the Interface Server
Interface Server Retransmits Request to Application Server
Application Server Sends Certificate to the Client and Encrypts Portion of Data Using Private Key of Verification Processor
Client Separates Certificate into Two Parts, the Encrypted Part and the Clear Text Part
Client, Using the Public Key of the Verification Processor, Decrypts the Encrypted Part of the Certificate and Matches It to the Clear Text Part
No: Display Error Message
Yes: Interface Server Properly Authenticated
End

Reference numerals: 200, 205, 210, 215, 220, 230, 235.



Fig. 3. Transmission and Storage of Data

Flowchart steps, in the order they appear:
Client Fetches Application Server's Public Key from the Certificate
Client Pre-encrypts Sensitive Data in Message with the User's Public Key
Client Encrypts All of the Message Including the Sensitive Data Using the Application Server's Public Key
Client Sends the Encrypted Message to the Interface Server
Interface Server Sends Encrypted Message to the Application Server
Application Server Decodes Message Using Its Private Key
Application Server Stores the Decrypted Message (with the Sensitive Data Still Encrypted with the User's Public Key) in the Sensitive Information Database
End

Reference numerals: 305, 310, 315, 320, 325, 330, 335.




FIG. 4 (continued). Search Operation

Flowchart steps, in the order they appear across the continuation sheets:
Branches labelled No and Yes
For Every User Record, Create Trigrams
Sort Trigrams Alphabetically
Compute Signature Vector for Each Record in Record Database
Encrypt Signature Vector Using User's Public Key
Store Encrypted Signature Vector in Fuzzy Signature Database
Application Server Computes Signature Vector for Query
Encrypt Signature Vector for Query Using User's Public Key, Creating Encrypted Fuzzy Query
Find the Signature Vector in the Fuzzy Signature Database for Which the Inner Product with the Encrypted Fuzzy Query Holds the Maximum Value
Set the Search Query to the Signature Vector Whose Inner Product Has the Maximum Value
Compare Search Query to User Information
Yes: Return All Matches Because Those Matches Represent the Information Found Pertaining to the User
Encrypt the Search Query Using the User's Public Key
Compare Encrypted Search Query to User Information
No: Report to the Client That the Request Could Not Be Satisfied

Reference numerals: 404, 406, 408, 410, 418, 420, 422, 426, 428, 430, 434, 436.



FIG. 5. Accessing Sensitive Data

Flowchart steps, in the order they appear:
Application Server Checks Permission Database to See If First User Is Authorized to Perform Operation for the Requested Patient
No: Application Server Sends a Message to the Client in Order to Notify It of the Access Denial
Yes: Application Server Collects the First User's Key Store Master Key
Application Server Decrypts the Second User's Private Key in the Key Store Database Using the First User's Key Store Master Key

Reference numerals: 504.



